aboutsummaryrefslogtreecommitdiff
path: root/cmd/sigsum/main.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/sigsum/main.go')
-rw-r--r--cmd/sigsum/main.go116
1 files changed, 116 insertions, 0 deletions
diff --git a/cmd/sigsum/main.go b/cmd/sigsum/main.go
new file mode 100644
index 0000000..460eba3
--- /dev/null
+++ b/cmd/sigsum/main.go
@@ -0,0 +1,116 @@
+// package main provides a tool named `sigsum`.
+//
+// Build as follows:
+//
+// $ go build -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'"
+//
+// Install as follows:
+//
+// $ go install -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'"
+//
+package main
+
+import (
+ "flag"
+ "fmt"
+ "log"
+ "os"
+
+ "git.sigsum.org/sigsum-tool-go/pkg/policy"
+)
+
+const usage = `sigsum version %s
+
+Usage:
+ sigsum help
+ Output usage message.
+
+ sigsum verify -t TYPE -k PUBLIC_KEY FILE
+ Verify that a file's signed checksum is public and valid.
+ -t, --type Signature format (Available options: signify, minisign, ssh)
+ -k, --key Path to a public key.
+
+ sigsum bundle -t TYPE -k PUBLIC_KEY -d DOMAIN_HINT FILE...
+ Perform logging request(s) and write inclusion proof bundle(s).
+ -t, --type Signature format (Available options: signify, minisign, ssh)
+ -k, --key Path to a public key.
+ -d, --domain-hint Domain name that is aware of the public key.
+
+ sigsum format FILE
+ Output bytes to be Ed25519-signed.
+
+ sigsum namespace
+ Output namespace to be used in SSH signing context.
+
+Transparency log proofs and signatures must be located at $FILE.sigsum.v0.
+Signatures must be located at $FILE.{sig,minisig}, depending on -t TYPE.
+
+`
+
+var (
+ optBundleType, optBundleKey, optBundleDomainHint string
+ optVerifyType, optVerifyKey string
+
+ someVersion = "unknown"
+)
+
+func main() {
+ log.SetFlags(0)
+
+ var err error
+ var defaultPolicy policy.DefaultPolicy
+ switch cmd := parseCommand(); cmd.Name() {
+ case "help":
+ cmd.Usage()
+ case "verify":
+ err = cmdVerify(cmd.Args(), &defaultPolicy, optVerifyType, optVerifyKey)
+ case "bundle":
+ err = cmdBundle(cmd.Args(), &defaultPolicy, optBundleType, optBundleKey, optBundleDomainHint)
+ case "format":
+ err = cmdFormat(cmd.Args(), &defaultPolicy)
+ case "namespace":
+ err = cmdNamespace(cmd.Args(), &defaultPolicy)
+ default:
+ err = fmt.Errorf("invalid command %q, try %q", cmd.Name(), "sigsum help")
+ }
+
+ if err != nil {
+ log.Printf("%s", err)
+ os.Exit(1)
+ }
+}
+
+func parseCommand() (fs *flag.FlagSet) {
+ args := os.Args
+ if len(args) < 2 {
+ args = append(args, "")
+ }
+ defer func() {
+ registerOptions(fs)
+ fs.Usage = func() {
+ log.Printf(usage, someVersion)
+ }
+ fs.Parse(args)
+ }()
+
+ fs = flag.NewFlagSet(args[1], flag.ExitOnError)
+ args = args[2:]
+ return
+}
+
+func registerOptions(fs *flag.FlagSet) {
+ switch cmd := fs.Name(); cmd {
+ case "verify":
+ registerStringOption(fs, &optVerifyType, "t", "type", "")
+ registerStringOption(fs, &optVerifyKey, "k", "key", "")
+ case "bundle":
+ registerStringOption(fs, &optBundleType, "t", "type", "")
+ registerStringOption(fs, &optBundleKey, "k", "key", "")
+ registerStringOption(fs, &optBundleDomainHint, "d", "domain-hint", "")
+ }
+}
+
+func registerStringOption(fs *flag.FlagSet, opt *string, short, long, value string) {
+ fs.StringVar(opt, short, value, "")
+ fs.StringVar(opt, long, value, "")
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 23:06:53 +0000